Alternative approach to deployment and payment for digital certificates
Abstract
A method for managing payment of digital certificates includes receiving a request to issue a digital certificate to a subscriber, capturing and saving payment information of the subscriber, performing a first authentication and verification of the subscriber at a first time, and performing at least one additional authentication and verification of the subscriber at least once every authentication period. A long-lived certificate is issued to the subscriber provided the subscriber is authenticated and verified. The long-lived certificate is valid for an expiration period. However, the long-lived certificate is revoked if (1) the additional authentications and verification produce invalid results, or (2) if payment is not received during a payment period. The authentication period is shorter than the expiration period and there are at least a first and a second authentication period within the expiration period. The expiration period is longer than the authentication period.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method comprising:
receiving a request to issue a digital certificate to a subscriber system;
capturing, by a processor configured to perform digital certificate operations at a certificate authority system, and storing, in a memory at the certificate authority system, subscriber information of the subscriber system;
performing, by the processor, a first authentication and verification of the subscriber information;
issuing, by the processor, a long-lived digital certificate from the certificate authority system to the subscriber system over a network upon determining that the subscriber information in the first authentication and verification is authentic and valid, wherein the long-lived digital certificate is set to expire after an expiration period;
performing, by the processor, additional authentications and verifications of the subscriber information at least once during an authentication period, wherein the expiration period is longer than the authentication period, wherein there are multiple occurrences of the authentication period within the expiration period, wherein the number of authentication periods within the expiration period is determined based at least in part on the length of the expiration period, and wherein the additional authentication and verifications of the subscriber information do not comprise receiving a new request to issue a digital certificate to a subscriber system; and
causing, by the processor, revocation of the long-lived digital certificate at a revocation status database over a network upon determining that the subscriber information in any of the additional authentications and verifications is no longer valid or upon determining that payment is not received during a payment period, wherein the long-lived digital certificate is not reissued upon determining that the subscriber information in the additional authentications and verifications remains valid.
2. The method of claim 1 wherein a first occurrence of the at least once during an authentication period and a second occurrence of the at least once during an authentication period have a same time duration.
3. The method of claim 1 wherein a first occurrence of the at least once during an authentication period and a second occurrence of the at least once during an authentication period have different time durations.
4. The method of claim 1 further comprising automatically requesting payment during the payment period from an account number, wherein the subscriber information comprises payment information, and wherein the account number is stored with the payment information of the subscriber system.
5. The method of claim 1 further comprising receiving payment for the digital certificate before performing the first authentication and verification of the subscriber information.
6. The method of claim 1 further comprising receiving payment for continued use of the long-lived digital certificate after performing one of the additional authentications and verifications of the subscriber information.
7. The method of claim 1 further comprising requesting updated subscriber information from the subscriber system upon determining that the subscriber information in one of the additional authentications and verifications is no longer valid.
8. The method of claim 1 further comprising causing revocation of the long-lived digital certificate at the revocation status database upon receiving a request to terminate the long-lived digital certificate.
9. The method of claim 1 further comprising activating the long-lived digital certificate upon receiving payment for a payment period.
10. The method of claim 1 :
wherein the request to issue the digital certificate specifies a requested time period for the digital certificate to expire; and
wherein the expiration period of the long-lived digital certificate is set to be longer than the requested time period.
11. The method of claim 1 wherein the expiration period is set to be five years.
12. The method of claim 1 wherein the authentication period is eighteen months.
13. The method of claim 1 wherein the payment period is three months.
14. The method of claim 1 further comprising activating the long-lived digital certificate for the payment period upon receiving payment.
15. The method of claim 1 wherein the authentication period and the payment period have different time durations.
16. The method of claim 1 wherein the authentication period and the payment period have a same time duration.
17. A method comprising:
receiving a request to issue a digital certificate to a subscriber system;
capturing, by a processor configured to perform digital certificate operations at a certificate authority system, and storing, in a memory at the certificate authority system, subscriber information of the subscriber system;
performing, by the processor, a first authentication and verification of the subscriber information;
issuing, by the processor, a long-lived digital certificate from the certificate authority system to the subscriber system over a network upon determining that the subscriber information in the first authentication and verification is authentic and valid, wherein the long-lived digital certificate is set to expire after an expiration period;
performing, by the processor, additional authentications and verifications of the subscriber information at least once during an authentication period, wherein the expiration period is longer than the authentication period, wherein there are multiple occurrences of the authentication period within the expiration period, wherein the number of authentication periods within the expiration period is determined based at least in part on the length of the expiration period, and wherein the additional authentication and verifications of the subscriber information do not comprise receiving a new request to issue a digital certificate to a subscriber system; and
causing, by the processor, revocation of the long-lived digital certificate at a revocation status database over a network upon determining that the subscriber information in any of the additional authentications and verifications is no longer valid, wherein the long-lived digital certificate is not reissued upon determining that the subscriber information in the additional authentications and verifications remains valid.
18. The method of claim 17 further comprising causing revocation of the long-lived digital certificate at the revocation status database upon determining that payment is not received during a payment period.
19. A system comprising:
an interface at a certificate authority system configured to:
receive a request to issue a digital certificate to a subscriber system;
a processor configured to perform digital certificate operations at the certificate authority system, the operations configured to:
capture and store, in a memory, subscriber information of the subscriber system;
perform a first authentication and verification of the subscriber information;
issue a long-lived digital certificate from the certificate authority system to the subscriber system over a network upon determination that the subscriber information in the first authentication and verification is authentic and valid, wherein the long-lived digital certificate is set to expire after an expiration period;
perform additional authentications and verifications of the subscriber information at least once during an authentication period, wherein the expiration period is longer than the authentication period, wherein there are multiple occurrences of the authentication period within the expiration period, wherein the number of authentication periods within the expiration period is determined based at least in part on the length of the expiration period, and wherein the additional authentication and verifications of the subscriber information do not comprise receiving a new request to issue a digital certificate to a subscriber system; and
cause revocation of the long-lived digital certificate at a revocation status database over a network upon determination that the subscriber information in any of the additional authentications and verifications is no longer valid, wherein the long-lived digital certificate is not reissued upon determination that the subscriber information in the additional authentications and verifications remains valid.
20. The system of claim 19 wherein the processor is further configured to cause revocation of the long-lived digital certificate at the revocation status database upon determination that payment is not received during a payment period.
21. The system of claim 20 wherein:
the processor is further configured to generate during the payment period a payment request from an account number, wherein the subscriber information comprises payment information, and wherein the account number is stored in the memory with the payment information of the subscriber system; and
the processor is further configured to send the payment request to the subscriber system.
22. A non-transitory computer-readable memory having instructions that, when executed by a processor, cause the processor to:
receive a request to issue a digital certificate to a subscriber system;
capture, by a processor configured to perform digital certificate operations at a certificate authority system, and store, in a memory at the certificate authority system, subscriber information of the subscriber system;
perform a first authentication and verification of the subscriber information;
issue a long-lived digital certificate from the certificate authority system to the subscriber system over a network upon determination that the subscriber information in the first authentication and verification is authentic and valid, wherein the long-lived digital certificate is set to expire after an expiration period;
perform additional authentications and verifications of the subscriber information at least once during an authentication period, wherein the expiration period is longer than the authentication period, wherein there are multiple occurrences of the authentication period within the expiration period, wherein the number of authentication periods within the expiration period is determined based at least in part on the length of the expiration period, and wherein the additional authentication and verifications of the subscriber information do not comprise receiving a new request to issue a digital certificate to a subscriber system; and
cause, by the processor, revocation of the long-lived digital certificate at a revocation status database over a network upon determination that the subscriber information in any of the additional authentications and verifications is no longer valid, wherein the long-lived digital certificate is not reissued upon determination that the subscriber information in the additional authentications and verifications remains valid.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.